Ads.cert is the digital media’s latest effort to combat fraud
The digital ad industry’s ads.txt effort to root out certain types of programmatic ad fraud, like domain spoofing, has shown to be effective at ensuring advertisers’ ads and dollars make it to their intended publishers — but it’s not perfect.
“The most fundamental loophole in ads.txt, beside the lack of support for mobile app inventory, is the need to trust, not that others are validating [against publishers’ ads.txt files] but that they’re not complicit in the fraud,” said Curt Larson, chief product officer at ad tech firm Sharethrough and member of the IAB Tech Lab’s OpenRTB working group.
That trust loophole is expected to close when IAB Tech Lab officially rolls out OpenRTB 3.0, the industry standard framework that undergirds the automated advertising process. That official release is getting closer. After debuting the draft version of OpenRTB 3.0 for public comment in September 2017, the IAB Tech Lab will release a beta version of the specification on July 24, said IAB Tech Lab CTO Sam Tingleff.
OpenRTB 3.0 is pertinent to the potential for ads.txt fraud because it will include ads.cert, a process that will certify the authenticity of a publisher’s inventory through the programmatic chain of custody and address the potential for companies in the programmatic supply chain to pass off impostor inventory as the real deal.
“Ads.txt is sort of the store directory. It’s Rolex saying here are the authorized places to buy a Rolex. But the [authorized] store could be selling fake Rolexes on the side. Ads.cert is the certificate of authenticity traceable back to the manufacturer,” said Ian Trider, director of RTB platform operations at Centro and member of the IAB Tech Lab’s OpenRTB working group.
The certificate of authenticity provided by OpenRTB 3.0’s ads.cert “gets rid of the need to trust really anyone in the chain,” said Larson. Of course that’s contingent upon the official update’s release and ad tech firms’ adoption of it. Until then, there remains the loophole of trust that received attention earlier this month when it was highlighted by Forensiq, the ad fraud detection arm of ad tech firm Impact.
Forensiq claimed that mobile apps are able to masquerade as web publishers and trick ad exchanges and supply-side platforms into passing off their in-app inventory as another publisher’s authentic web inventory. However Forensiq’s loophole hinges on an exchange, SSP or the advertiser’s chosen demand-side platform not checking the publisher’s ads.txt file to determine that the mobile app is or is not the publisher it claims to be, as illustrated in the image below provided by Forensiq.
That contingency craters the argument that such a loophole exists, according to members of the IAB Tech Lab’s working group that handles ads.txt. Cross-referencing ads.txt files as inventory passes from publisher to various ad tech platforms to advertiser is “the whole point of the ads.txt spec,” said Tingleff.
For its part, Forensiq has not been able to prove that this type of ads.txt fraud has happened. But its aim was to show that it’s possible and to underscore the need for everybody in the programmatic supply chain to validate against publisher’s ads.txt file, according to Amit Joshi, director of product and data science at Forensiq. “The only way that [ads.txt is] truly effective is if everybody in the supply chain is validating,” he said.
That stipulation may seem obvious, but it may have been missed by anyone who has read ads.txt’s documentation and assumed that only the demand-side platforms that advertisers use are responsible for validating against publishers’ ads.txt files.
Stating in the ads.txt spec that all companies in the programmatic supply chain should assume responsibility for validating against publishers’ ads.txt files is “definitely something which makes sense to clarify in the next spec release. Creating specifications like this is always a process of continual improvement and we welcome participation in that process,” Tingell said.
“The nature of the ads.txt spec assumes that ultimately the validation has to live at the buy side. In other words, the buyer’s DSP has to be the entity doing the validating because intermediaries along the supply chain, their interest is not aligned in preventing the propagation of that [fraudulent] inventory,” said Ian Trider, director of RTB platform operations at Centro and member of the IAB Tech Lab’s OpenRTB working group.
Theoretically, if an advertiser’s DSP is looking to buy a publisher’s inventory from a certain exchange or SSP, it will be able to check that the exchange or SSP and its corresponding seller ID is listed on the publisher’s ads.txt file. If it is, then the inventory is likely authentic; if not, then likely not. But that assumes that the exchange or SSP is not falsifying that information in order to peddle inventory from another publisher posing as the intended one, such as by bundling the real and fake inventory together.
“What ads.txt really solves for is publisher fraud or maybe an ad network that they’re working with spoofing the domain. But if the exchange that the DSP is buying on is complicit in the fraud, literally being actively part of the fraud, then you couldn’t detect that with ads.txt,” said Larson.
None of the executives interviewed for this article were aware of any exchanges or SSPs that have committed this type of ads.txt fraud.
‘Time to go on the offense’: In a choppy ad tech M&A market, strategic investors eye deals
For many strategic investors, it's a good moment to put their corporate development teams to work.
Why Spotify makes Wrapped its annual marketing moment
As first-party data becomes increasingly important, so does Spotify's Wrapped end of year marketing campaign.
Why YouTube’s focus on competing with streamers may have hurt the platform as brands focus on TikTok
As competition continues to heat up in the digital video and content creation space with TikTok, Instagram and the recent addition of social app BeReal, YouTube may be feeling that heat more and more.
SponsoredPublishers are adapting advertising strategies for a privacy-first world
Tina Iannacchino, senior publisher director, Seedtag So much of the attention around the death of third-party cookies and its impact on the digital advertising industry is focused on the implications for brands and consumers, which is far from the complete picture. The digital publishing industry in the U.S. is massive and set to be shaken […]
Dentsu’s new global gaming lead reflects on gaming strategy ‘void’ in advertising, media
Despite the rapid rise of gaming in recent years — or perhaps because of it — many brands and marketers are still confused about how to best reach the gaming community. Dentsu's new global gaming lead Brent Koning is equipped to navigate these uncertain waters.
A look at Coke’s World Cup marketing strategy with senior marketing exec Javier Meza
Many of the world's most influential brands are competing to win over consumers while Qatar hosts the World Cup. One such brand is Coca-Cola.